June 1, 2010
Original article posted on June 1, 2010 – EE Times.
By Rick Merritt, EE Times
Interview: Vint Cerf on What the Net Needs Now
Thoughts on policy, security from an Internet pioneer
SANTA CLARA, Calif. — We bumped into Vint Cerf in the hallways of the Santa Clara Convention Center while he was on his way to give a keynote address on smart grids at Connectivity Week. The co-developer of the Internet's TCP/IP protocol, now an Internet evangelist for Google, sat down with us for a few minutes to catch up on the wide variety of projects in which he is interested. They range from government policy and privacy to cryptography and flow routers.
EE Times: What do you spend your time on these days?
Vint Cerf: It covers the waterfront. A great deal of my work is on security at all levels in the architecture. I have a great antipathy for reusable passwords which are so easily broken. In their place, I am advocating for two-layer authentication at all levels of the architecture so devices and users can authenticate each other.
I just completed work with the IETF on standards for international domain names. It took two years to work that off the plate.
I am quite involved in the smart grid, serving on the governing board of the Smart Grid Interoperability Panel, participating in the Google Power Meter activity and acting as chairman of an advisory committee to NIST.
I am still working with the Jet Propulsion Lab on the interplanetary Internet which is moving ahead nicely.
I've become very interested in the general cybersecurity problem on a national and international basis, and in health care IT which is another area where Google has some interest.
I plan to participate in an Internet governance forum this year that will look at what kinds of constructive inter-government agreements could be made to facilitate e-commerce including agreed definition of digital signatures and their legal weight.
EET: What kinds of policies does the Internet need?
Cerf: The sound bite is the law of the Net is like the law of the sea. We need to find common ground on what abuse on the Net is. For example, we might agree fraud is one form of an abuse.
We need trans-border agreements about law enforcement and possibly extradition and recourse for harms that have occurred by way of the Internet. The question is, if you perform a theft by way of the Internet and the actors are scattered across the globe what instruments can you evoke so people cannot hide where they are? The attribution problem is quite challenging.
These are all things that require inter-governmental cooperative efforts and should be informed by input from multiple stakeholders. I am very proud groups such as ICANN can aggregate many stakeholders as a forum to form and influence policy.
There's an interesting side story here on state use of the Internet for censorship or military purposes like harming another state's infrastructure deliberately. For example, there are no norms I know about that speak to what state sponsored harm would constitute an act of war.
What's even more thought provoking is we now have in the hands of individuals very powerful means for inflicting harm on state level entities. We never had that kind of asymmetry before, but it's like an [improvised explosive device] and we have to learn how to cope with it. If we don't come to grips with this we will have created a brittle, fragile infrastructure for international commerce.
EET: Pretty big issues
Cerf: Yes, sometimes I wish we could roll back the clock and put some things in [the Internet architecture] that weren't available at the time—like public key cryptography. That technology wasn’t there at least in an unclassified form at the time we were developing the Internet.
The Internet started off as just an experiment. It didn't even exit from the experimental phase until late '80's when commercial services emerged, so really were talking about just 20 years of experience with a commercial Internet.
EET: Google and Facebook have been taking a beating in the press lately for how they handle Net privacy. For example, Google recently revealed its roving cars that collect street view pictures for Google Maps had inadvertently collected data from Wi-Fi services.
Cerf: The very fact a terabyte of data was not noticeable in exabyte piles they collected was interesting. And the fact that this data is radiated in the clear suggests we should help people not radiate this stuff in the clear.
EET: Another Internet pioneer, Larry Roberts, is now pushing for ways to control multi-flow traffic which he claims is unfairly clogging traffic. What do you think of his current work?
Cerf: In the early days of the Net, I didn’t see a need for it. Larry's methods are most interesting at edge of Net where you get this huge dynamic range of demand, but the core of Net is all about aggregating a lot of flows and stats, so the variances are less.
The only real argument I have with Larry is that at sufficiently high speeds even at the edge will we still need this flow control? It's possible to have an argument on either side.
I think window-based flow controls based on watching buffer sizes will become less effective at increasing speeds. At high enough speeds in the Net keeping track of every flow may not be necessary. Overall, I would say caching a better solution than throttling.
Also, Nick McKeown at Stanford has done some interesting work on flow routers that may go beyond what Larry has done.